
Balancing Security and Privacy in Times of Cyberterror

Explore the intricate relationship between security and privacy in the realm of cyberterrorism, highlighting the challenges and consequences of navigating this delicate balance. Discover the importance of safeguarding personal information while ensuring online security measures. Learn about authentication mechanisms, identity management trends, and the significance of anonymity in online interactions. Delve into the dilemma of maintaining privacy while requiring identification in the cyber world, considering issues like spam, phishing, and cyber threats. Unravel the complexities of cybersecurity and privacy in the digital era.


Presentation Transcript


  1. Balancing Security and Privacy in Times of Cyberterror NERCOMP March 21, 2007 Steve Worona EDUCAUSE sworona@educause.edu

  2. The Internet Obeys Only One Law

  3. The Internet Obeys Only One Law: The Law of Unintended Consequences

  4. or…

  5. Be careful what you ask for…

  6. …you might just get it

  7. Example 1: A Story from the Dawn of (Internet) Time It all started in 1995 with a simple question: What’s the best resource for filtering out adult material for K-12 students? • Net Nanny • Cybersitter • Surfwatch • Cyber Patrol • Etc.…

  8. Example 2: A Poll on Campaign Finance

  9. Example 2: A Poll on Campaign Finance Proposition 1: Who are our political candidates taking money from? This should be public information. (Agree/Disagree?)

  10. Example 2: A Poll on Campaign Finance Proposition 1: Who are our political candidates taking money from? This should be public information. (Agree/Disagree?) Proposition 2: What political candidates are you giving money to? This should be public information. (Agree/Disagree?)

  11. www.fec.gov

  12. Example 3: Do you want Privacy or Privacy?

  13. Example 3: Do you want Privacy or Privacy? Sorry, you can’t have both.

  14. “You can’t have Privacy without Security”

  15. “You can’t have Privacy without Security” • Privacy: Ensuring that your personal information doesn’t fall into the wrong hands

  16. “You can’t have Privacy without Security” • Privacy: Ensuring that your personal information doesn’t fall into the wrong hands • “VA Data Files on Millions of Veterans Stolen” • “Bank of America Loses A Million Customer Records” • “UCLA Warns 800,000 of Computer Break-In”

  17. “You can’t have Privacy without Security” • Privacy: Ensuring that your personal information doesn’t fall into the wrong hands • “VA Data Files on Millions of Veterans Stolen” • “Bank of America Loses A Million Customer Records” • “UCLA Warns 800,000 of Computer Break-In” • HIPAA, FERPA, etc. • State and federal data-spill notification mandates

  18. “You can’t have Privacy without Security” • Privacy: Ensuring that your personal information doesn’t fall into the wrong hands • “VA Data Files on Millions of Veterans Stolen” • “Bank of America Loses A Million Customer Records” • “UCLA Warns 800,000 of Computer Break-In” • HIPAA, FERPA, etc. • State and federal data-spill notification mandates • Security: Limiting everyone’s activity to only the things they have a right to see and do • Who is trying to access data (“Authentication”) • Whether they have the right (“Authorization”)

  19. So Whenever Anyone Does Anything Online, We Want to Know…

  20. So Whenever Anyone Does Anything Online, We Want to Know… • Who they are

  21. So Whenever Anyone Does Anything Online, We Want to Know… • Who they are • What they’re doing

  22. So Whenever Anyone Does Anything Online, We Want to Know… • Who they are • What they’re doing • Why they’re doing it

  23. Authentication Mechanisms • Accounts and passwords • ATM cards and PINs • Smart cards • Challenge/response systems • Digital certificates • Key-fob tokens • Biometrics • Etc…

  24. Identity Management Trends • Single sign-on • With possible refresh for sensitive transactions • Network sign-on • Stronger authentication • “Guest” authentication • Wireless authentication • Identity intermediaries • Shibboleth

  25. Another Definition of Privacy • Privacy: The ability to go about your daily life without leaving a trail; the ability to read, speak, attend meetings, etc. anonymously

  26. The Importance of Anonymity “Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.” – Hugo Black, Talley v. California, 1960

  27. Privacy1 vs Privacy2 • Privacy1: Ensuring that your personal information doesn’t fall into the wrong hands. (“Confidentiality”) • Privacy2: The ability to go about your daily life without leaving a trail; the ability to read (speak, attend meetings, etc.) anonymously. (“Anonymity”)

  28. The Dilemma

  29. The Dilemma • We want to go through cyber-life without leaving a trail

  30. The Dilemma • We want to go through cyber-life without leaving a trail • But we want everyone who comes in contact with our data (and with us) to be identified and monitored

  31. The Dilemma • We want to go through cyber-life without leaving a trail • But we want everyone who comes in contact with our data (and with us) to be identified and monitored • Spam • Phishing • Threats • Poison-pen postings • Baseless accusations • Etc…

  32. The Dilemma • We want to go through cyber-life without leaving a trail • But we want everyone who comes in contact with our data (and with us) to be identified and monitored Not Much Different Than • We want everyone to know who the candidates are getting money from • But we don’t want anyone to know who we are giving money to

  33. Privacy Can Be Tricky: Consider Chat Rooms • In general you have no legal “expectation of privacy” in a chat room because you don’t know who else is listening • You’re essentially speaking in public • You have no reason to believe a police officer (on- or off-duty) isn’t present • US vs Charbonneau

  34. Privacy Can Be Tricky: Consider Chat Rooms • In general you have no legal “expectation of privacy” in a chat room because you don’t know who else is listening • You’re essentially speaking in public • You have no reason to believe a police officer (on- or off-duty) isn’t present • US vs Charbonneau • What are the limitations on government surveillance of chat rooms?

  35. Privacy Can Be Tricky: Consider Chat Rooms • In general you have no legal “expectation of privacy” in a chat room because you don’t know who else is listening • You’re essentially speaking in public • You have no reason to believe a police officer (on- or off-duty) isn’t present • US vs Charbonneau • What are the limitations on government surveillance of chat rooms? • Child molesters

  36. Privacy Can Be Tricky: Consider Chat Rooms • In general you have no legal “expectation of privacy” in a chat room because you don’t know who else is listening • You’re essentially speaking in public • You have no reason to believe a police officer (on- or off-duty) isn’t present • US vs Charbonneau • What are the limitations on government surveillance of chat rooms? • Child molesters • Dissident political groups

  37. The Dilemma • We want to go through cyber-life without leaving a trail • But we want everyone who comes in contact with our data (and with us) to be identified and monitored Not Much Different Than • We want everyone to know who the candidates are getting money from • But we don’t want anyone to know who we are giving money to

  38. “Identified and Monitored” • “Government Plans Massive Data Sweep” • “Feds Get Wide Wiretap Authority” • “NSA Has Massive Database of Americans’ Phone Calls” • “Finance-Monitoring Program Amounts to Spying” • “Police Chief Wants Surveillance Cameras in Houston Apartments” • “Future Fuzzy for Government Use of Public Surveillance Cameras”

  39. Why Now?

  40. Why Now? • Because we can

  41. Why Now? • Because we can • Technology now makes it possible to collect, maintain, and process everything you do • Moore’s Law is not being repealed • Brain = 1TB = $500 retail • Gordon Bell: MyLifeBits (10TB) • Library of Congress = 100TB • WORM drives • The Internet Archive • Ray Kurzweil: “The Singularity Is Near”

  42. Why Now? • Because we can • And so our only limitations are those we choose to impose on ourselves

  43. Why Now? • Because we can • Because we (think we) must

  44. Why Now? • Because we can • Because we (think we) must • Why?

  45. Why Now? • Because we can • Because we (think we) must • Because it makes law enforcement easier

  46. Law Enforcement and Data • Specific, focused, temporary • Tap, probe, monitor, investigate what’s needed to deal with a particular crime or threat

  47. The Fourth Amendment The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

  48. Law Enforcement and Data • Specific, focused, temporary • Tap, probe, monitor, investigate what’s needed to deal with a particular crime or threat • Just in case • Capture all possible information so that, whenever something goes wrong, we can just play back the tape

  49. Some simple examples • Toll-gate license-plate photos • No longer needed if the bell doesn’t ring • But very helpful if you want to get a list of possible suspects for yesterday’s crime • Metro cards • Paying for your trip • Who was where when? • ATM cameras • If no robbery occurred, no need to retain • But might have caught a glimpse of a kidnapper

  50. Déjà Vu? • “Homeland Security Monitored Students” • “…surveillance by the Pentagon … database [of] … military protests and demonstrations at institutions of higher education …” • “Although there does not appear to be any direct terrorist nexus to the event, a large gathering, especially on a college campus, may gain momentum and create public safety concerns. I do not see an issue of civil liberties being violated, rather proactive precautionary measures being taken by DHS and DoD.” – William H. Parrish, Assoc. Prof. of Homeland Security, VCU
